RE: Anonymity in the browser - was: nasty nasty bug in chrome from Peter Williams on 2011-02-12 (public-xg-webid@w3.org from February 2011)

From: Peter Williams <home_pw@msn.com>
Date: Sat, 12 Feb 2011 07:53:14 -0800
To: <henry.story@bblfish.net>, <nathan@webr3.org>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>
Message-ID: <SNT143-w22A1B210CADB368DA2DDB192EE0@phx.gbl>

Still not convinced; on formal grounds.

The only security enforcing claim Ive heard so for, for incognito mode, concerns destruction of state on leaving the mode. The claim says nothing about start conditions.

I don know how anyone can do security engineering in a vacuous claim theater. Obviously, lots of crypto-politics can be getting done (which is webby) - with each side innovating to subvert or protect the next generation of design.

In terms of webid incubation, perhaps consider that the above example motivate organization: one leverages archetypes, as hte orgnanizational principle, embodying rationale without specifying form. Less prosaically, let the baseline be crap so as promote endless discusses on principles, but allow for its selective replacement by engineerined solutions desired by sub-communities. (This is what we did with certs and SSL ciphersuites, allowing military type to "tuneup" the browser for their assuranace requirement for their office systems - since they had got passed the "conveneice is more important that security" that holds back most public adoption of medium-level assurances )

> From: henry.story@bblfish.net
> Date: Sat, 12 Feb 2011 12:37:19 +0100
> To: nathan@webr3.org; public-xg-webid@w3.org
> Subject: Anonymity in the browser - was: nasty nasty bug in chrome
> 
> 
> On 12 Feb 2011, at 00:06, Nathan wrote:
> 
> > Henry Story wrote:
> >> On 9 Feb 2011, at 02:21, Nathan wrote:
> >>> It appears, that if you webid auth in chrome, them open a new incognito window, then go to the same website again, it'll automatically send your cert and auth you w/o asking..
> >> Did you report that bug? It's worth doing it. They are very responsive. Just send us the bug ID here, and we can all vote on it :-)
> > 
> > http://code.google.com/p/chromium/issues/detail?id=72772
> > 
> > Sorry it took a while.
> 
> Excellent work! Thanks for bringing the issue up. I added a comment there
> pointing them to this thread and to ISSUE-14: "WebID and Browsers"
> 
> Henry
> 
> > 
> > Best,
> > 
> > Nathan
> 
> Social Web Architect
> http://bblfish.net/
> 
>

Received on Saturday, 12 February 2011 15:53:48 UTC